[
https://issues.apache.org/jira/browse/SHIRO-454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Sahlbach updated SHIRO-454:
-----------------------------------
Description:
I am using Shiro together with Vaadin, but the following should be true for all
GWT based rich clients.
If you are using these kind of frameworks, you mostly want to handle login and
logout within the application itself. If this is the case, you absolutely don't
want that a logout destroys the http session. Because that will alert the user
that the session is gone and will force the user to reload the whole
application and starting from scratch.
Please: Just give me the possibility to do a user logout without ruining the
http session. As a workaround I inherited from DefaultWebSecurityManager and
overwrote the logout method to do everything but the http session invalidation.
But that's a lot of cut and paste code and it could be easily provided by
introducing a configurable setting or parameter for the logout.
was:
I am using Shiro together with Vaadin, but the following should be true for all
GWT based rich clients.
If you are using these kind of frameworks, you mostly want to handle login and
logout within the application itself. If this is the case, you absolutely don't
want that a logout destroys the http session. Because that will alert the user
that the session is gone and will force the user to reload the whole
application and starting from scratch.
Please: Just give me the possibility to do a user logout. As a workaround I
inherited from DefaultWebSecurityManager and overwrote the logout method to do
everything but the http session invalidation. But that's a lot of cut and paste
code and it could be easily provided by introducing a configurable setting or
parameter for the logout.
> Provide a way to logout a user without destroying the http session
> ------------------------------------------------------------------
>
> Key: SHIRO-454
> URL: https://issues.apache.org/jira/browse/SHIRO-454
> Project: Shiro
> Issue Type: Improvement
> Components: Authentication (log-in), Session Management
> Affects Versions: 1.2.1
> Reporter: Andreas Sahlbach
>
> I am using Shiro together with Vaadin, but the following should be true for
> all GWT based rich clients.
> If you are using these kind of frameworks, you mostly want to handle login
> and logout within the application itself. If this is the case, you absolutely
> don't want that a logout destroys the http session. Because that will alert
> the user that the session is gone and will force the user to reload the whole
> application and starting from scratch.
> Please: Just give me the possibility to do a user logout without ruining the
> http session. As a workaround I inherited from DefaultWebSecurityManager and
> overwrote the logout method to do everything but the http session
> invalidation. But that's a lot of cut and paste code and it could be easily
> provided by introducing a configurable setting or parameter for the logout.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
